[security-dev] Replacing Seam RunAsOperation (impersonate)

Michael Cirioli mcirioli at redhat.com
Sun Jul 12 22:48:30 EDT 2015


I am on PTO this week, but if you want to set up some time on my calendar the following week, I'd be happy to talk about options with you.

-mike

On Jul 12, 2015 8:21 PM, Sean Flanigan <sflaniga at redhat.com> wrote:
>
> Hi Mike, 
>
> If the solution is completely SAML-specific, I don't think it will do me 
> any good, but if you think the general approach could work for other 
> types, then yes, I'm certainly interested, thanks! 
>
> Sean. 
>
>
> On 2015-07-10 23:07, Mike Cirioli wrote: 
> > Sean - 
> > I have implemented user impersonation functionality with PL for redhat.com's customer-facing IdP using PicketLink.  It's not what I would call pretty, but it does allow our customer service team to authenticate and access any SAML service providers with the identity of the customer having issues. 
> > 
> > I'm not sure if this is the same sort of functionality you're looking for, but I'd be happy to describe how we did it if you're interested. 
> > 
> > -mike cirioli 
> > 
> > 
> > On 7/10/15 8:27 AM, Pedro Igor Silva wrote: 
> >> Hey Sean, 
> >> 
> >>      You are right, PL is missing that feature. It was planned, but now that PL and KC are merging, I'm not sure if we are going to implement it in PL. 
> >> 
> >>      Regarding your question, there is no easy way to specify your own Identity implementation. However, I'm wondering if you can use a custom CDI scope for that. PicketLink allows you to define a specific scope for the Identity bean. 
> >> 
> >> Regards. 
> >> Pedro Igor 
> >> 
> >> ----- Original Message ----- 
> >> From: "Sean Flanigan" <sflaniga at redhat.com> 
> >> To: security-dev at lists.jboss.org 
> >> Sent: Friday, July 10, 2015 5:37:51 AM 
> >> Subject: [security-dev] Replacing Seam RunAsOperation (impersonate) 
> >> 
> >> I was hoping I had missed an impersonation feature[1], but now I'm 
> >> thinking there isn't one in PicketLink.  Assuming I have to subclass and 
> >> @Specialize org.picketlink.internal.DefaultIdentity, how would I go 
> >> about convincing PicketLink to use my implementation? 
> >> 
> >> org.picketlink.extension.PicketLinkExtension seems to be vetoing my 
> >> implementation.  Is there some way of telling (or overriding) 
> >> IdentityBeanDefinition to use my Identity bean class? 
> >> 
> >> [1] https://developer.jboss.org/thread/260993 
> >> 
> >> Regards, 
> >> 
> >> Sean. 
> >> 
>
>
> -- 
> Sean Flanigan 
>
> Principal Software Engineer 
> Globalisation Tools Engineering 
> Red Hat 
>


